European cyber security authorities are establishing new rules that would prevent U.S. law enforcement from acquiring critical data stored in Europe by U.S. cloud providers, including major tech companies like Google, Amazon, and Microsoft. The new cloud cyber security certification may be finalized as soon as next year.
U.S. cloud providers may eventually face even stricter cyber security requirements in Europe. As Politico reports, Guillaume Poupard, director general of France’s cybers security agency, the ANSSI, said he aims to establish “a rule that only European law is applicable on cloud products certified in Europe.” The rule would block foreign laws, such as the U.S. CLOUD Act which requires companies to give foreign data to U.S. authorities upon request, from affecting critical services like financial and health care services in the continent. According to Poupard, the new rule “will be a real test, a real objective for the political will to achieve strategic autonomy in the digital field” in Europe.
Major U.S. Technology Companies Prepare for EU Rules
Some major U.S. technology companies are already getting ready for these laws. Microsoft pledged that it will house all its European customers’ data in the continent. “We have already begun engineering work so our core cloud services will both store and process in the EU all personal data of our EU commercial and public sector customers, if they so choose,” the company announced in a blog post in May. “This plan includes any personal data in diagnostic data and service-generated data, and personal data we use to provide technical support.”
Google, T-Systems, and German telecom operator Deutsche Telekom are partnering to create a sovereign cloud for Germany.
“Together with Google Cloud, we will build a sovereign cloud services portfolio that provides clients with full control over their data, software and operations whilst leveraging the full power of Google Cloud,” said Adel Al-Saleh, member of the Telekom Board of Management and CEO of T-Systems, in a press announcement. “Even stricter compliance requirements for public sector institutions will be addressed. We are happy that we’ll be able to offer customers a cloud solution that is secure and sovereign, but also gives access to the innovation and scalability of Google Cloud in Germany. We are also considering Austria and Switzerland as a next step.”
Google also recently announced it will form a joint company with Thales, a French defense company, to provide a sovereign hyperscale cloud service in France. According to Reuters, the company will offer all of Google Cloud’s services while its network and servers will stand alone from those used by the tech giant’s regular clients. “The company is going to run Google software on its infrastructure… with layers of security to ensure cybersecurity and protection of data from extraterritorial rules,” said Marc Darmon, head of secure communications and information systems at Thales.
Also in France, leading digital companies Capgemini and Orange plan to establish a partnership dubbed “Bleu.” The company will provide Microsoft services through an independent “Cloud de Confiance” that is in compliance with the country’s sovereignty requirements.
Data privacy laws will continue to evolve in Europe. As they do, U.S. organizations need to prepare by ensuring they are in compliance with these laws.
Data Privacy Training for Your Organization
The IEEE | IAPP Data Privacy Engineering Collection trains engineers and technology professionals to ensure that an organization’s products and operations meet privacy goals and mitigate risks. The program delivers practical knowledge and insights to address challenges companies may be currently facing and in the future.
The IEEE | IAPP Data Privacy Engineering Collection includes:
- 7 online learning courses based on the IAPP Certified Information Privacy Technologist (CIPT) training and certification body of knowledge, including the option of the CIPT certification exam
- 15 online learning courses from IEEE on related AI, Data Privacy and Data Protection topics which offer CEUs/PDHs for successful completion
- 25 draft IEEE Standards critical to interoperability in data privacy
Speak to an IEEE Account Specialist today!
Rosemain, Mathieu. (6 October 2021). France’s Thales partners with Google on secure cloud services. Reuters.
Cerulus, Laurens. (13 September 2021). France wants cyber rule to curb US access to EU data. Politico.
Leibiger, Frank. (8 September 2021). T-Systems and Google Cloud Partner to Deliver Sovereign Cloud for Germany. Telekom.com.
Press Release. (27 May 2021). Capgemini and Orange announce plan to create “Bleu”, a company to provide a ”Cloud de Confiance” in France. Capgemini.com.
Smith, Brad. (6 May 2021). Answering Europe’s Call: Storing and Processing EU Data in the EU. Microsoft.